
Inactive can't delete this virus, I found it with NERO (CD burn), KIS failed

Discussion in 'Malware and Virus Removal Archive' started by hd_pulse, 2010/07/07.

Thread Status:
Not open for further replies.
  1. 2010/07/07
    hd_pulse

    hd_pulse Inactive Thread Starter

    Joined:
    2009/08/14
    Messages:
    58
    Likes Received:
    0
    [Inactive] can't delete this virus, I found it with NERO (CD burn), KIS failed

    hi,

    I've a worm or virus in my computer. My security software, KIS, is unable to find it. A directory named 'Country' resides in C: (it is hidden) which contains a file named 'Life' which bears the icon of the Recycle Bin. I saw this file or directory with NERO while I was in the process of a CD burn.
    Also, when I enabled the 'show all hidden files' option, the 'country' directory still did not appear.

    I've tried removing it with command prompt (C:\rd country) and it says Access Denied.

    Please Help.
     
  2. 2010/07/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2010/07/07
    hd_pulse

    hd_pulse Inactive Thread Starter

    Joined:
    2009/08/14
    Messages:
    58
    Likes Received:
    0
    Content of DDS

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by ceis4 at 19:19:25.39 on Tue 07/06/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1315 [GMT 1:00]

    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\IBM\SQLLIB\ITMA\TMAITM6\KUDCMA_DB2.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IBM\SQLLIB\BIN\db2fmp.exe
    C:\PROGRA~1\IBM\SQLLIB\java\jdk\jre\bin\javaw.exe
    C:\Program Files\ZTE EV-DO\bin\EVDO.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\ceis4\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uWindow Title = Service Pack 3 Internet Explorer
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe "
    dRun: [msnsc] c:\windows\system32\msnsc.exe
    dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll "
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    uPolicies-explorer: NoFileAssociate = 0 (0x0)
    mPolicies-explorer: NoFileAssociate = 0 (0x0)
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: {5CE0AF48-905A-4EFE-939B-3551F9831A73} = 218.248.240.181 218.248.255.193
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    mASetup: {J4NSLV-5KLEJN-K4NYB3-2MDL4S-BKL4M} - c:\country\life\rox.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ceis4\applic~1\mozilla\firefox\profiles\bfevyyya.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
     
  5. 2010/07/07
    hd_pulse

    hd_pulse Inactive Thread Starter

    Joined:
    2009/08/14
    Messages:
    58
    Likes Received:
    0
    ============= SERVICES / DRIVERS ===============

    R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-2-26 296976]
    R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
    R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2007-10-3 38688]
    R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2rcmd.exe [2007-10-3 29984]
    R2 kudcma_DB2;Monitoring Agent for DB2 - DB2;c:\progra~1\ibm\sqllib\itma\tmaitm6\KUDCMA_DB2.exe [2010-6-21 1167360]
    R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
    R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\ZTEusbser.sys [2010-6-13 94080]
    S3 CQDETECT;Compaq Hardware Detection Service;c:\windows\system32\drivers\cqdetect.sys [2010-3-8 6496]
    S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\ibm\sqllib\bin\db2govds.exe [2007-10-3 18720]
    S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\ibm\sqllib\bin\db2licd.exe [2007-10-3 124192]

    =============== Created Last 30 ================

    2010-07-03 13:59:03 212240 ----a-w- c:\windows\system32\richtx32.ocx
    2010-07-03 13:59:02 609584 ----a-w- c:\windows\system32\comctl32.ocx
    2010-07-03 13:59:01 0 d-----w- c:\program files\Video Cutter
    2010-07-02 17:47:25 0 d-----w- c:\program files\Easy Video Splitter
    2010-07-01 22:24:43 257536 ----a-w- c:\windows\system32\sshnas21.dll
    2010-06-30 22:43:15 171008 ----a-w- c:\windows\Iqeqaa.exe
    2010-06-30 20:20:25 0 d-sh--r- C:\Country
    2010-06-30 15:45:14 0 d-----w- c:\program files\YouTube Downloader
    2010-06-27 17:17:10 6144 -c--a-w- c:\windows\system32\dllcache\kbd101.dll
    2010-06-27 17:17:10 6144 ----a-w- c:\windows\system32\kbd101.dll
    2010-06-27 10:01:13 0 d-----w- c:\docume~1\ceis4\applic~1\WordWeb
    2010-06-23 12:20:18 0 d-----w- c:\program files\Brave Dwarves 2
    2010-06-23 12:19:58 0 d-----w- c:\program files\ReflexiveArcade
    2010-06-23 12:19:11 0 d-----w- c:\program files\NDSROM Player
    2010-06-23 12:13:17 0 d-----w- c:\docume~1\ceis4\applic~1\smc
    2010-06-23 10:10:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Soluto
    2010-06-22 03:44:15 0 d-----w- c:\docume~1\ceis4\applic~1\ZTEEVDO
    2010-06-21 14:47:57 0 d-----w- c:\docume~1\ceis4\applic~1\IBM
    2010-06-21 13:51:18 0 d-----w- C:\DB2
    2010-06-21 13:48:53 282 ----a-w- c:\windows\system32\CandleDb2Version
    2010-06-21 13:45:15 0 d-----w- c:\windows\cluster
    2010-06-21 13:42:42 0 d-----w- c:\program files\IBM
    2010-06-19 06:07:45 0 d-----w- c:\docume~1\alluse~1\applic~1\IBM
    2010-06-18 19:23:58 0 d-----w- C:\hindi songs
    2010-06-18 05:29:10 700 ----a-w- C:\hg.java
    2010-06-17 10:21:20 443 ----a-w- C:\Threaddemo.java
    2010-06-17 10:21:20 108145 ----a-w- C:\545px-Cricket_field_positions.svg.png
    2010-06-13 20:24:46 160484 ----a-w- c:\windows\hpoins45.dat
    2010-06-13 20:24:45 524 ------w- c:\windows\hpomdl45.dat
    2010-06-13 20:23:15 309760 ----a-r- c:\windows\system32\difxapi.dll
    2010-06-13 20:23:14 372736 ----a-r- c:\windows\system32\hppldcoi.dll
    2010-06-13 20:23:14 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
    2010-06-13 20:23:13 589824 ----a-r- c:\windows\system32\hpost_d02b.dll
    2010-06-13 20:23:12 712704 ----a-r- c:\windows\system32\hposwia_d02b.dll
    2010-06-13 09:39:04 94080 ----a-w- c:\windows\system32\drivers\ZTEusbser.sys
    2010-06-12 18:57:44 0 d-----w- c:\program files\WinGuides
    2010-06-08 16:28:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Autorun Eater
    2010-06-08 12:24:41 0 d-----w- C:\calculation
    2010-06-07 13:24:11 811008 ----a-w- c:\windows\FeedingFrenzy.scr
    2010-06-07 13:09:37 0 d-----w- c:\program files\QK SMTP Server 3

    ==================== Find3M ====================

    2010-05-24 20:52:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-17 15:14:59 22748 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-04-17 03:13:01 291515 --sha-w- c:\windows\config\systemidle.exe
    2010-02-26 15:27:08 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat

    ============= FINISH: 19:20:46.15 ===============
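The "Created Last 30" section above records C:\Country with the attribute field d-sh--r-, i.e. a directory carrying both the System and Hidden attributes. That combination is why the folder stayed invisible even with "show all hidden files" enabled: Explorer keeps entries that are both hidden and system out of view until "Hide protected operating system files" is also unchecked. The script below is an added example for readers of this thread, not code from the thread or from the DDS tool; it parses DDS file-listing lines of this shape, flags the hidden+system entries, and models that Folder Options behaviour. The single-letter meaning of the attribute field (d, c, s, h, a, r, w) is an assumption inferred from the lines in this log, and the sample rows are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines in the format DDS uses in its "Created Last 30" and "Find3M" sections:
#   <date> <time> <size> <attribute field> <path>
# The rows below are copied from the log posted in this thread; they are the
# example's sample input, not a fresh scan.
SAMPLE_LINES = [
    r"2010-07-01 22:24:43 257536 ----a-w- c:\windows\system32\sshnas21.dll",
    r"2010-06-30 22:43:15 171008 ----a-w- c:\windows\Iqeqaa.exe",
    r"2010-06-30 20:20:25 0 d-sh--r- C:\Country",
    r"2010-06-30 15:45:14 0 d-----w- c:\program files\YouTube Downloader",
    r"2010-06-27 17:17:10 6144 -c--a-w- c:\windows\system32\dllcache\kbd101.dll",
    r"2009-04-17 03:13:01 291515 --sha-w- c:\windows\config\systemidle.exe",
    r"2010-02-26 15:27:08 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat",
]

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")


@dataclass
class DdsEntry:
    timestamp: str
    size: int
    attrs: str
    path: str

    # Assumption: the 8-character attribute field uses one letter per Windows
    # file attribute seen in the log (d=directory, c=compressed, s=system,
    # h=hidden, a=archive, r=read-only, w=writable) and '-' for "not set".
    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_dds_line(line: str) -> Optional[DdsEntry]:
    """Parse one DDS file-listing line; return None for headers or other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return DdsEntry(f"{date} {time}", int(size), attrs, path)


def explorer_would_show(entry: DdsEntry, show_hidden: bool = False,
                        show_protected_os: bool = False) -> bool:
    """Model Explorer's Folder Options: 'Show hidden files and folders' reveals
    hidden entries, but an entry that is hidden AND system stays invisible
    until 'Hide protected operating system files' is unchecked as well."""
    if entry.hidden and not show_hidden:
        return False
    if entry.hidden and entry.system and not show_protected_os:
        return False
    return True


def find_super_hidden(lines: List[str]) -> List[DdsEntry]:
    """Return the entries that carry both the system and the hidden attribute."""
    found = []
    for line in lines:
        entry = parse_dds_line(line)
        if entry is not None and entry.hidden and entry.system:
            found.append(entry)
    return found


if __name__ == "__main__":
    for e in find_super_hidden(SAMPLE_LINES):
        kind = "dir " if e.is_dir else "file"
        visible = explorer_would_show(e, show_hidden=True)
        print(f"{kind} {e.path}  attrs={e.attrs}  visible with 'show hidden' only: {visible}")
```

Run against the sample rows it reports three hidden+system entries: C:\Country, c:\windows\config\systemidle.exe and c:\windows\system32\drivers\ISwift3.dat. The last of these belongs to Kaspersky, so the attribute pair alone is not evidence of malice; its value here is explaining why the folder did not show up, and giving a quick way to list such entries from a prompt (`dir /a:sh C:\` in cmd lists entries that have both attributes). What ties C:\Country to the infection in this log is the separate mASetup line pointing at c:\country\life\rox.exe, which is why the helpers ask for the MBAM and GMER logs rather than a manual rd.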
     
  6. 2010/07/07
    hd_pulse

    hd_pulse Inactive Thread Starter

    Joined:
    2009/08/14
    Messages:
    58
    Likes Received:
    0
    Content of Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/17/2010 4:23:43 PM
    System Uptime: 7/6/2010 5:56:59 PM (2 hours ago)

    Motherboard: | | LakePort
    Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | Socket 775 | 2933/133mhz
    Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | Socket 775 | 2933/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 44.322 GiB free.
    D: is CDROM (CDFS)
    L: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_813610EC&REV_01\4&1B41B794&0&00E0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_813610EC&REV_01\4&1B41B794&0&00E0
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    32 Bit HP CIO Components Installer
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 7.0.5
    AviSynth 2.5
    Easy Video Splitter 1.28
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Hotfix for Windows XP (KB942288-v3)
    IBM DB2 Express Edition - DB2COPY1
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 20
    Java(TM) SE Development Kit 6 Update 20
    Kaspersky Internet Security 2010
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.6)
    Nero Suite
    Power Video Cutter 5.2
    QK SMTP Server 3
    Realtek High Definition Audio Driver
    Software Update for Web Folders
    Video Cutter 1.0
    VLC media player 1.0.2
    WebFldrs XP
    Windows Registry Guide 2003
    WinRAR archiver
    WordWeb
    Xilisoft Video to Audio Converter
    YouTube Downloader 2.5.6
    ZTE EV-DO

    ==== Event Viewer Messages From Past Week ========

    7/6/2010 6:45:50 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +70200 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|117.254.38.187:123->207.46.197.32:123) is working properly.
    7/6/2010 3:31:49 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +70200 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|117.254.42.195:123->207.46.197.32:123) is working properly.
    7/6/2010 10:34:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/6/2010 10:19:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/5/2010 6:39:51 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +70200 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|117.254.55.45:123->207.46.197.32:123) is working properly.
    7/3/2010 12:08:00 AM, error: Service Control Manager [7034] - The DB2 Remote Command Server (DB2COPY1) service terminated unexpectedly. It has done this 1 time(s).
    7/3/2010 12:07:48 AM, error: Service Control Manager [7034] - The DB2 - DB2COPY1 - DB2 service terminated unexpectedly. It has done this 1 time(s).
    7/2/2010 5:44:02 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    7/2/2010 11:34:49 PM, error: DCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "%193" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    7/2/2010 11:34:49 PM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%193" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
    7/2/2010 10:24:32 PM, error: Service Control Manager [7034] - The DB2DAS - DB2DAS00 service terminated unexpectedly. It has done this 1 time(s).
    6/30/2010 9:14:48 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    6/29/2010 10:03:21 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    ==== End Of File ===========================
     
  7. 2010/07/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  8. 2010/07/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, disable "word wrap" in Notepad, because your logs are hard to read.

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     